Try our new research platform with insights from 80,000+ expert users

Cisco Identity Services Engine (ISE) vs One Identity Safeguard comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
8.4
Cisco Identity Services Engine enhances security, reduces breaches, ensures compliance, simplifies management, and consolidates systems for cost savings and efficiency.
Sentiment score
7.1
One Identity Safeguard enhances security, compliance, and efficiency, especially benefiting organizations with local infrastructure, by managing privileged access.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
Any PAM solution, when I deploy it well and customers use it, leads to a return on investment.
 

Customer Service

Sentiment score
5.9
Cisco ISE support is praised for knowledge and responsiveness, yet occasionally inconsistent with integration and follow-up challenges.
Sentiment score
6.6
One Identity Safeguard's customer service is generally strong but experiences inconsistent response times and issue resolution.
I rate the technical support as one out of ten.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
I sometimes need escalations to reach expertise.
 

Scalability Issues

Sentiment score
7.3
Cisco Identity Services Engine (ISE) offers high scalability, supporting large deployments and enterprise expansions despite hardware and setup challenges.
Sentiment score
7.0
One Identity Safeguard is scalable and fits diverse needs, but some experience degradation and suggest improvements in scalability.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
If customer usage increases, I can add new appliances, but this incurs costs.
 

Stability Issues

Sentiment score
7.7
Cisco ISE is highly reliable and stable, though larger deployments may experience occasional performance and configuration challenges.
Sentiment score
7.5
One Identity Safeguard is stable with strong functionality and high availability, despite occasional configuration challenges and non-LTS bugs.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
I encounter problems primarily with the failover procedure.
 

Room For Improvement

Cisco Identity Services Engine requires improved integration, user interface, documentation, compatibility, and management efficiency to enhance user experience.
Users seek improved session management, integration, interface, resource efficiency, technical support, documentation, upgrades, policy management, storage, and cost solutions.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
Additionally, the product is vulnerable and has many bugs.
For some configurations on the SPS side, if I need to make changes, such as for DNS servers, I must redeploy the machine.
 

Setup Cost

Cisco ISE offers three pricing tiers, with high costs and complex licensing, but provides extensive features and potential discounts.
One Identity Safeguard is a robust, costly enterprise solution favored for its effectiveness despite cheaper alternatives.
The license costs can range between $50,000 to $100,000 per year for enterprises.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
Making large organizational costs significant.
 

Valuable Features

Cisco ISE enhances network security with integration, 802.1X authentication, policy management, ease of use, and strong access control.
One Identity Safeguard offers secure privileged access control, auditing, and seamless integration with features like password vaulting and advanced authentication.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
Cisco Identity Services Engine (ISE) is very good at device administration.
The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility.
I think One Identity should improve its documentation because it is vast and not clear, and clear documentation on implementing the solution would be advantageous for consultants.
 

Categories and Ranking

Cisco Identity Services Eng...
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
142
Ranking in other categories
Network Access Control (NAC) (1st), Cisco Security Portfolio (1st)
One Identity Safeguard
Average Rating
8.0
Reviews Sentiment
6.9
Number of Reviews
41
Ranking in other categories
User Entity Behavior Analytics (UEBA) (6th), Privileged Access Management (PAM) (3rd)
 

Mindshare comparison

Cisco Identity Services Engine (ISE) and One Identity Safeguard aren’t in the same category and serve different purposes. Cisco Identity Services Engine (ISE) is designed for Network Access Control (NAC) and holds a mindshare of 27.1%, down 31.6% compared to last year.
One Identity Safeguard, on the other hand, focuses on Privileged Access Management (PAM), holds 4.2% mindshare, down 4.7% since last year.
Network Access Control (NAC)
Privileged Access Management (PAM)
 

Featured Reviews

SunilkumarNaganuri - PeerSpot reviewer
Enhanced device administration hindered by complex deployment and security limitations
Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.
Tor Nordhagen - PeerSpot reviewer
Transparent mode for privileged sessions will greatly simplify our client's administrative situation
We're introducing the solution's transparent mode for privileged sessions. This is part of what the client hasn't used before. It will simplify their administrative situation greatly. So far, the rollout of this feature has been a seamless process, but we're still in the midst of rolling it out. The benefits will be on the risk side. Right now, the way accounts are managed, you don't necessarily know who is using an account. There's a shared admin account, and that's not a good thing. And those accounts are shared in wallets by several people. One of the real benefits of safeguarding here is that the client will have an absolute audit of who is using an administrative interface, whether it's server or network.
report
Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
842,651 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
26%
Computer Software Company
14%
Financial Services Firm
8%
Government
7%
Computer Software Company
24%
Financial Services Firm
12%
Government
6%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
What do you like most about One Identity Safeguard?
The identity discovery is good, and the performance is pretty good value.
What is your experience regarding pricing and costs for One Identity Safeguard?
One Identity Safeguard is expensive. The license is around $3,000 per month.
What needs improvement with One Identity Safeguard?
I find it complicated to implement HTTPS monitoring because the documentation is unclear. The disaster recovery process is complicated for me. For some configurations on the SPS side, if I need to ...
 

Also Known As

Cisco ISE
No data available
 

Overview

 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
Cavium
Find out what your peers are saying about Cisco, Hewlett Packard Enterprise, Fortinet and others in Network Access Control (NAC). Updated: March 2025.
842,651 professionals have used our research since 2012.